1. Field of the Invention
The present invention relates to a subscriber terminal, an integration authentication server, and a bundle authentication system and method having the same, and more particularly, to a bundle authentication system and method for network access and user authentication at a service request in a next generation network utilizing a Bundled Authentication Key (BAK) generated by using an Extended Master Session Key (EMSK) that is an encryption key generated during access authentication.
2. Description of the Related Art
An IP Multimedia Subsystem (IMS) is the core technology for delivering new services in next generation communications environments based on networks integrated using IP. Research into the IMS has been actively conducted. In particular, the development of the IMS has been undertaken in order to control mobile communications networks according to the 3rd Generation Partnership Project (3GPP). Further, revisions and supplements have been made such that the IMS can be applied to wired networks by a Next Generation Network (NGN) of Telecommunications and Internet converged Services and Protocols for Advanced Networks (TISPAN). Furthermore, research has been conducted to apply the IMS to the NGN structure defined in the International Telecommunication Union, Telecommunication Sector (ITU-T) so as to utilize the NGN as a standard platform in an IP-based wired/wireless integrated network. Various kinds of security technologies have been standardized to provide security in this environment.
However, in the security frameworks currently being researched, the network access authentication needed to access a network and the service authentication needed to be provided with a service are performed independently of each other before a user can use services. In order to solve this problem, research has been conducted into security frameworks that cover both network access authentication and service authentication for subscribers, and Network Attachment Subsystem-IMS (NASS-IMS) bundle authentication has been proposed. In NASS-IMS bundle authentication, a successful authentication in the NASS layer is extended to another layer. While a subscriber performs network access, the NASS authenticates the subscriber, allocates an IP address and stores the layer 2 and layer 3 identifiers in an NASS profile. Then, when the subscriber transmits a request message to use services, a Proxy Call Session Control Function (P-CSCF) in the IMS network queries the NASS to obtain information about the user's location. When the NASS transmits the subscriber information to the P-CSCF, the P-CSCF includes the location information in a Session Initiation Protocol (SIP) message and transmits the SIP message to the Serving Call Session Control Function (S-CSCF), which then verifies the user's location information. On receiving the message from the P-CSCF, the S-CSCF performs verification by comparing the transmitted subscriber information with the subscriber's location information obtained using a User Profile Server Function (UPSF), and performs authentication of the subscriber in the IMS layer if the verification succeeds. That is, when the subscriber registers with the IMS, it is important for the NASS to check the location from which the subscriber registers. When the checked location coincides with the location in the NASS, the user is authorized to access the IMS layer and is thus given the right to access the IMS. As described above, NASS-IMS bundle authentication provides bundle authentication on the basis of the subscriber's location information.
In addition to the above-described NASS-IMS bundle authentication, bundle authentication is also performed on the basis of the subscriber's IP information. According to this authentication, when a subscriber requests the use of services, the subscriber's IP information is transmitted to the IMS layer, and subscriber identification and authentication are then performed. Because these bundle authentications are performed on the basis of the subscriber's IP information or location information, they can be carried out using a simple method without adversely affecting performance or incurring overhead. However, the IP information or location information used for bundle authentication is susceptible to forgery and theft by attackers, who may use the information to mount attacks in various ways. Therefore, there has been a need for bundle authentication that is safe from malicious attacks and that, like existing bundle authentication, does not burden the system.
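The location comparison described above, and the reason IP or location information is a weak basis for it, can be seen by modeling which inputs the decision depends on. This is an added example, not part of the original text; the class and function names, line identifiers, IP addresses and public identity are all constructed assumptions.

```python
"""Toy model of NASS-IMS bundle authentication (constructed example)."""


class Nass:
    """Authenticates network access, allocates an IP address and stores
    the layer 2/3 identifiers in a profile keyed by that address."""

    def __init__(self):
        self._profiles = {}  # allocated IP -> line (location) identifier

    def attach(self, line_id, ip):
        self._profiles[ip] = line_id

    def location_for(self, ip):
        return self._profiles.get(ip)


class Upsf:
    """Holds the location each public identity is expected to register from."""

    def __init__(self, subscriptions):
        self._subs = dict(subscriptions)

    def location_for(self, impu):
        return self._subs.get(impu)


def p_cscf_forward(nass, request):
    # The P-CSCF queries the NASS by source IP and adds the location
    # it gets back to the SIP message sent on to the S-CSCF.
    return {**request, "location": nass.location_for(request["src_ip"])}


def s_cscf_verify(upsf, sip_msg):
    # The S-CSCF compares the forwarded location with the UPSF record.
    expected = upsf.location_for(sip_msg["impu"])
    return expected is not None and sip_msg["location"] == expected


def register(nass, upsf, src_ip, impu):
    # The outcome is a function of (source IP, public identity) only:
    # no secret held by the terminal takes part in the decision.
    return s_cscf_verify(upsf, p_cscf_forward(nass, {"src_ip": src_ip, "impu": impu}))


def build_sample_network():
    nass = Nass()
    nass.attach("line-A", "10.0.0.5")  # constructed sample values
    nass.attach("line-B", "10.0.0.9")
    return nass, Upsf({"sip:alice@example.net": "line-A"})
```

Because `register` takes no credential, the check is only as trustworthy as the source address seen by the P-CSCF, which is the gap a key-based scheme such as the BAK is meant to close.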